I spent a long time yesterday to configure for my CouchDB instance in order to create a little app and letting CouchDB manage authentication and authorizations for me.

So I ended up with something like that :

On top of everything I've got a server admin, who basically is god on my CouchBD instance.

Then I created a database named "mydatabase" (for example) and added the role "mydatabase_dba" as admin and also the role "mydatabase_user" as reader.

I also created a database named "_users" which contains all the database admins and users with their roles and also a design document named "_auth" which manages authorizations.

Only the server admin is admin of this database, and I added users with role "mydatabase_dba" as readers. Then, for those of you who knows about it, I modified the "validate_doc_update" field o the "_auth" document so that users with role "mydatabase_dba" can only deals with users with role "mydatabase_user".

So, to summarize at this point :

• server admin is still god
• users with role "mydatabase_user" can connect to "mydatabase" but they are just readers
• users with role "mydatabase_dba" are admins of "mydatabase"
• users with role "mydatabase_dba" can connect to database "_users" where they are readers
• users with role "mydatabase_dba" can only manage users of role "mydatabase_user" in "_users"

Hope this is clear :D

What I can do now is create an application that will not manage users itself, but let users connect to CouchDB directly (transparently).

The problem come when it deals with users creation/update/deletion.

Because only users with role "mydatabase_dba" can access to the "_users" database and work on users with roles "mydatabase_user", I need at some point to connect to CouchDB as this db admin.

I have two solutions :

• Create a user interface into my app that will let the admin connect and do what he has to do

or

• Make some more code and let the app do it automatically, this is the solution I prefer, but the problem is : I have to store the admin credentials...

Sorry for the long introduction but I had to describe the landscape first :)

I created a post yesterday about how I could secure the connection between my app and the CouchDB instance : here

The solution I was given is to use HTTP over SSL (/TLS) to secure the communication. I'm okay with that, but now I have another concern, maybe I'm paranoid, but because my app will need to connect as "mydatabase_dba", I have to store its credential somewhere.

But how to store them securely ? As said in my previous post, even if I store the hashed password instead of the plain text password, if an attacker access my app source code, he'll have my admin credentials...

An application should never have an administrative rights. It should only be given the bare minim rights it needs to function. If the application needs some administrative rights, make sure it has as few as possible. Other than that, most of the time these credentials are stored in plain text in some file that only your application can access.

Never commit this text file into your source code manager (Subversion, Git, etc.)! Placing the file into a running system must be a step in the installation procedure.